Rabat’s cybersecurity sector is booming, but it speaks French

Morocco aims to become an African digital hub and has placed cybersecurity at the heart of its 2026–2030 national strategy. Five pillars have been announced: talent development, strengthening resilience, countering threats, managing technological dependencies and international cooperation. The Directorate-General for Information Systems Security (DGSSI), under the auspices of the Ministry of Defence, coordinates activities within a growing market. Spending on cyber solutions and services in Morocco is estimated to rise from around $145 million in 2025 to over $238 million in 2031. This is modest, but nonetheless a positive sign.

Spending is being driven by the push for digital transformation in banking, telecommunications, public administration and industrial supply chains, as well as by regulatory and insurance pressures. However, demand far outstrips the supply of qualified professionals, and this is where the system’s main weakness lies. The country is, in fact, suffering from the same skills shortage affecting the rest of Africa: just a few thousand experts to meet a demand that, by 2030, will run into hundreds of thousands. In Morocco, two types of professional coexist: self-taught young people with good practical skills but little formal certification; and graduates from engineering schools and universities who are theoretically sound but have limited practical experience. Above all, there is a shortage of infrastructure and telecoms specialists, application architects capable of ‘secure design’, teams specialising in red teaming and advanced penetration testing, and managers with proven experience in crisis management.

To speed up the process, the government has relaxed recruitment rules in the public sector: the DGSSI can recruit experts on fixed-term contracts more quickly than through traditional competitive examinations. This move signals a sense of urgency, but does not resolve the issue of staff retention: the salaries and career prospects offered by large international groups remain more attractive. On the industrial front, the local ecosystem is buzzing but still fragile. Alongside integrators and resellers of foreign technologies, a generation of start-ups is emerging — including Indatacore, AuthGuard.NET, Guardome and Vulncore — focused on security solutions, digital identity, encryption and managed services. The critical mass, however, is limited: many firms operate as distributors for European vendors, particularly French ones, rather than as developers of proprietary products. This results in a technological dependency that the national strategy itself recognises as a risk and which reduces autonomy in responding to threats. The education sector is also evolving, but not quickly enough. Programmes dedicated to cybersecurity are available at a number of leading universities: Mohammed V University in Rabat, Hassan II University in Casablanca, Sidi Mohamed Ben Abdellah University in Fez, Cadi Ayyad University, Al Akhawayn University in Ifrane and Ensam Casablanca, the latter offering courses focused on both defence and offensive strategies with a strong emphasis on cloud computing. However, the provision remains skewed towards theory.

France is the dominant European partner. Regulatory alignment, the links between the DGSSI and ANSSI (the French cyber agency), the commercial presence of French vendors and the flow of talent to Paris all point to a structural dependence, further reinforced by digital dialogues with the EU. This collaboration provides access to technology and intelligence, but exposes the country to the risk of lock-in: should relations sour, the institutional framework is in place, market demand is robust and political attention is high. However, three vulnerabilities remain: the skills gap, limited domestic technology production and dependence on a single European partner. Addressing these requires a targeted industrial policy and a practice-oriented educational reform, with dual university–business pathways and national security organisations. If Morocco succeeds in translating its strategy and expenditure into operational capabilities, it could become a credible regional player in digital security.